本文整理汇总了Java中javax.xml.crypto.dsig.dom.DOMValidateContext.setProperty方法的典型用法代码示例。如果您正苦于以下问题:Java DOMValidateContext.setProperty方法的具体用法?Java DOMValidateContext.setProperty怎么用?Java DOMValidateContext.setProperty使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类javax.xml.crypto.dsig.dom.DOMValidateContext
的用法示例。
在下文中一共展示了DOMValidateContext.setProperty方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testLocalFilesystem
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Validates the {@code signature-external-c14n-xmlatrs.xml} fixture twice:
 * first with secure validation switched off (core validation must pass), then
 * with it switched on (validation must be rejected with an exception whose
 * message names {@code URIReferenceException}).
 *
 * @throws Exception if the fixture cannot be loaded or an assertion fails
 */
@org.junit.Test
public void testLocalFilesystem() throws Exception {
    final String fixture = "signature-external-c14n-xmlatrs.xml";
    final KeySelectors.SecretKeySelector keySelector =
        new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));
    final DOMValidateContext context = validator.getValidateContext(fixture, keySelector);

    // Relaxed mode: the fixture is expected to pass core validation.
    context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
    assertTrue("Signature failed core validation", validator.validate(context));

    // Secure mode: the same context must now be rejected.
    context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    try {
        validator.validate(context);
        fail("Failure expected when secure validation is enabled");
    } catch (XMLSignatureException ex) {
        assertTrue(ex.getMessage().contains("URIReferenceException"));
    }
}
示例2: validate
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
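/**
 * Parses {@code fn} from {@code dir}, locates the first {@code ds:Signature}
 * element and runs core validation against it.
 *
 * @param fn    file name, resolved relative to {@code dir}
 * @param ks    key selector used to find the validation key
 * @param ud    URI dereferencer installed after unmarshalling, or {@code null} for the default
 * @param cache when {@code true}, enables reference caching and afterwards checks that
 *              every cached digest input matches ({@code digestInputEqual}) and that the
 *              same-document reference (empty URI) contains no comment nodes
 * @return the core validation result
 * @throws Exception if no Signature element is found or a cache check fails
 */
boolean validate(String fn, KeySelector ks, URIDereferencer ud,
                 boolean cache) throws Exception {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setValidating(false);
    // NOTE(review): the parser is not hardened here (no secure-processing feature);
    // fine for fixtures under dir, not a pattern to copy for untrusted input.
    Document doc = dbf.newDocumentBuilder().parse(new File(dir, fn));
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new Exception("Couldn't find signature Element");
    }
    Element sigElement = (Element) nl.item(0);
    DOMValidateContext vc = new DOMValidateContext(ks, sigElement);
    vc.setBaseURI(dir.toURI().toString());
    if (cache) {
        vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    }
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
    XMLSignature signature = factory.unmarshalXMLSignature(vc);
    if (ud != null) {
        vc.setURIDereferencer(ud);
    }
    boolean coreValidity = signature.validate(vc);
    // Check reference cache
    if (cache) {
        Iterator i = signature.getSignedInfo().getReferences().iterator();
        for (int j = 0; i.hasNext(); j++) {
            Reference ref = (Reference) i.next();
            if (!digestInputEqual(ref)) {
                throw new Exception("cached data for Reference[" + j + "] is not correct");
            }
            // check that dereferenced data does not contain comment nodes.
            // "".equals(...) instead of ==: identity comparison against the literal
            // depends on string interning and can silently skip this check; equals
            // also tolerates a Reference without a URI attribute (null).
            if ("".equals(ref.getURI())) {
                System.out.println("checking deref data");
                NodeSetData data = (NodeSetData) ref.getDereferencedData();
                Iterator ni = data.iterator();
                while (ni.hasNext()) {
                    Node n = (Node) ni.next();
                    if (n.getNodeType() == Node.COMMENT_NODE) {
                        throw new Exception("dereferenced data for Reference[" + j
                            + "] contains comment node");
                    }
                }
            }
        }
    }
    return coreValidity;
}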
示例3: main
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Entry point: parses {@code SIGNATURE}, rebuilds an RSA public key from the
 * Base64-encoded {@code validationKey}, and core-validates the first
 * {@code ds:Signature} element with secure validation switched off and the
 * shared {@code dereferencer} installed.
 *
 * NOTE(review): the boolean returned by {@code signature.validate(context)} is
 * discarded, so a signature that fails core validation does not fail this run;
 * only exceptions raised during parsing, key decoding or validation do.
 *
 * @param args ignored
 * @throws Exception on parse, key-decoding or validation errors
 */
public static void main(String[] args) throws Exception {
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    builderFactory.setValidating(false);
    builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
    Document document = builderFactory.newDocumentBuilder().parse(new File(SIGNATURE));

    NodeList signatureNodes = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (signatureNodes.getLength() == 0) {
        throw new RuntimeException("Couldn't find 'Signature' element");
    }
    Element signatureElement = (Element) signatureNodes.item(0);

    // Rebuild the RSA public key from its Base64-encoded X.509 encoding.
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    PublicKey publicKey = keyFactory.generatePublic(
        new X509EncodedKeySpec(Base64.getDecoder().decode(validationKey)));

    DOMValidateContext context = new DOMValidateContext(
        KeySelector.singletonKeySelector(publicKey), signatureElement);
    // disable secure validation mode
    context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
    // set a dummy dereferencer to be able to get content by references
    context.setURIDereferencer(dereferencer);

    XMLSignature signature = XMLSignatureFactory.getInstance().unmarshalXMLSignature(context);
    // run validation
    signature.validate(context);
}
示例4: testWrappingAttack
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Signature-wrapping fixture ({@code manifestSignatureWrapping.xml}): core
 * validation passes while secure validation is off; once it is on and the
 * Manifest's {@code Id} attribute is registered, validation must be rejected
 * with an exception whose message names {@code URIReferenceException}.
 *
 * @throws Exception if the fixture cannot be parsed, has no Signature element,
 *                   or the expectations above are not met
 */
@org.junit.Test
public void testWrappingAttack() throws Exception {
    final File fixture = new File(dir, "manifestSignatureWrapping.xml");
    final Document doc = XMLUtils.createDocumentBuilder(false, false).parse(fixture);
    final Element signatureElement = SignatureValidator.getSignatureElement(doc);
    if (signatureElement == null) {
        throw new Exception("Couldn't find signature Element");
    }
    final DOMValidateContext context =
        new DOMValidateContext(new KeySelectors.KeyValueKeySelector(), signatureElement);
    context.setBaseURI(dir.toURI().toString());

    // Relaxed mode: core validation is expected to pass.
    context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
    assertTrue("Signature failed core validation", validator.validate(context));

    // Secure mode: register the Manifest Id and expect rejection.
    context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    final Element manifest = (Element) doc.getElementsByTagName("Manifest").item(0);
    context.setIdAttributeNS(manifest, null, "Id");
    try {
        System.out.println("Valid: " + validator.validate(context));
        fail("Failure expected when secure validation is enabled");
    } catch (XMLSignatureException ex) {
        assertTrue(ex.getMessage().contains("URIReferenceException"));
    }
}
示例5: test_signature_dsa_detached
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Core-validates the detached DSA signature fixture using a raw X.509 key
 * selector, with reference caching on and the shared URI dereferencer {@code ud}.
 *
 * @throws Exception if the fixture cannot be loaded or validation fails
 */
@org.junit.Test
public void test_signature_dsa_detached() throws Exception {
    final DOMValidateContext context = validator.getValidateContext(
        "signature-dsa-detached.xml", new KeySelectors.RawX509KeySelector());
    context.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    context.setURIDereferencer(ud);
    assertTrue("Signature failed core validation", validator.validate(context));
}
示例6: test_signature_rsa_detached
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Core-validates the detached RSA signature fixture using a raw X.509 key
 * selector, with reference caching on and the shared URI dereferencer {@code ud}.
 *
 * @throws Exception if the fixture cannot be loaded or validation fails
 */
@org.junit.Test
public void test_signature_rsa_detached() throws Exception {
    final DOMValidateContext context = validator.getValidateContext(
        "signature-rsa-detached.xml", new KeySelectors.RawX509KeySelector());
    context.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    context.setURIDereferencer(ud);
    assertTrue("Signature failed core validation", validator.validate(context));
}
示例7: getSigners
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
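/**
 * Returns the signer certificate of every signature part in the OOXML package at
 * {@code url} that passes core validation. Parts that cannot be loaded, contain no
 * {@code ds:Signature}, or fail validation are skipped with a log line; only the
 * first Signature element of each part is examined.
 *
 * NOTE(review): as the TODO below records, a passing signature is accepted without
 * checking which package parts it covers, so a returned certificate means "signed
 * something in this package", not "signed the whole package".
 *
 * @param url location of the OOXML package
 * @return signer certificates in part order; empty, never {@code null}, when nothing validates
 * @throws IOException                  if the package or a part cannot be read
 * @throws ParserConfigurationException if the XML parser cannot be created
 * @throws SAXException                 if a signature part is not well-formed XML
 * @throws TransformerException         propagated from {@code loadDocument}
 * @throws MarshalException             if a signature cannot be unmarshalled
 * @throws XMLSignatureException        if validation itself fails with an error
 * @throws JAXBException                propagated from {@code getSignatureResourceNames}
 */
public List<X509Certificate> getSigners(URL url) throws IOException, ParserConfigurationException, SAXException,
        TransformerException, MarshalException, XMLSignatureException, JAXBException {
    List<X509Certificate> signers = new LinkedList<X509Certificate>();
    List<String> signatureResourceNames = getSignatureResourceNames(url);
    for (String signatureResourceName : signatureResourceNames) {
        LOG.debug("signature resource name: " + signatureResourceName);
        Document signatureDocument = loadDocument(url, signatureResourceName);
        if (signatureDocument == null) {
            LOG.warn("signature resource not found: " + signatureResourceName);
            continue;
        }
        NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatureNodeList.getLength() == 0) {
            LOG.debug("no signature elements present");
            continue;
        }
        Node signatureNode = signatureNodeList.item(0);
        // The key selector also captures the certificate it resolved, read back below.
        OPCKeySelector keySelector = new OPCKeySelector(url, signatureResourceName);
        DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode);
        domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
        OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url);
        domValidateContext.setURIDereferencer(dereferencer);
        XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
        XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
        boolean validity = xmlSignature.validate(domValidateContext);
        if (!validity) {
            LOG.debug("not a valid signature");
            continue;
        }
        // TODO: check what has been signed.
        X509Certificate signer = keySelector.getCertificate();
        signers.add(signer);
    }
    return signers;
}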
示例8: testSignedOOXML2
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Verifies {@code /signed.docx}: exactly one signer is reported, and the first
 * signature part of the package unmarshals with manifest validation on and
 * passes {@code isValidOOXMLSignature}.
 *
 * @throws Exception if the resource cannot be read or an assertion fails
 */
@Test
public void testSignedOOXML2() throws Exception {
    // setup
    final URL packageUrl = OOXMLSignatureVerifierTest.class.getResource("/signed.docx");
    // operate
    final OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier();
    final List<X509Certificate> signers = verifier.getSigners(packageUrl);
    // verify
    assertNotNull(signers);
    assertEquals(1, signers.size());
    LOG.debug("signer: " + signers.get(0).getSubjectX500Principal());

    // Re-run the low-level validation against the first signature part.
    final byte[] packageBytes = IOUtils.toByteArray(packageUrl.openStream());
    final String firstSignaturePart = verifier.getSignatureResourceNames(packageBytes).get(0);
    final Document signatureDocument =
        verifier.getSignatureDocument(new ByteArrayInputStream(packageBytes), firstSignaturePart);
    final Element signatureElement = (Element) signatureDocument
        .getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);

    final DOMValidateContext context =
        new DOMValidateContext(new KeyInfoKeySelector(), signatureElement);
    context.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
    context.setURIDereferencer(new OOXMLURIDereferencer(packageBytes));
    final XMLSignature signature =
        XMLSignatureFactory.getInstance().unmarshalXMLSignature(context);
    assertTrue(verifier.isValidOOXMLSignature(signature, packageBytes));
}
示例9: testSignedOOXMLOffice2010ValidOOXML
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
/**
 * Verifies the Office 2010 package {@code /hallo.docx}: exactly one signer is
 * reported, and the first signature part unmarshals with manifest validation on
 * and passes {@code isValidOOXMLSignature}.
 *
 * @throws Exception if the resource cannot be read or an assertion fails
 */
@Test
public void testSignedOOXMLOffice2010ValidOOXML() throws Exception {
    // setup
    final URL packageUrl = OOXMLSignatureVerifierTest.class.getResource("/hallo.docx");
    // operate
    final OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier();
    final List<X509Certificate> signers = verifier.getSigners(packageUrl);
    // verify
    assertNotNull(signers);
    assertEquals(1, signers.size());
    LOG.debug("signer: " + signers.get(0).getSubjectX500Principal());

    // Re-run the low-level validation against the first signature part.
    final byte[] packageBytes = IOUtils.toByteArray(packageUrl.openStream());
    final String firstSignaturePart = verifier.getSignatureResourceNames(packageBytes).get(0);
    final Document signatureDocument =
        verifier.getSignatureDocument(new ByteArrayInputStream(packageBytes), firstSignaturePart);
    final Element signatureElement = (Element) signatureDocument
        .getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);

    final DOMValidateContext context =
        new DOMValidateContext(new KeyInfoKeySelector(), signatureElement);
    context.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
    context.setURIDereferencer(new OOXMLURIDereferencer(packageBytes));
    final XMLSignature signature =
        XMLSignatureFactory.getInstance().unmarshalXMLSignature(context);
    assertTrue(verifier.isValidOOXMLSignature(signature, packageBytes));
}
示例10: XMLDSigWithSecMgr
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
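/**
 * Signs a freshly built {@code Envelope} document and validates the result while a
 * {@code SecurityManager} is installed. The policy is loaded from the {@code policy}
 * file next to the test source ({@code test.src}); the second reference points at
 * the local server {@code ss}, which is why secure validation is switched off for
 * the validation step.
 *
 * @throws Exception if setup, signing or validation fails, or if the
 *                   SecurityManager rejects an operation (wrapped as the cause)
 */
XMLDSigWithSecMgr() throws Exception {
    setup();
    Document doc = db.newDocument();
    Element envelope = doc.createElementNS("http://example.org/envelope", "Envelope");
    envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
        "xmlns", "http://example.org/envelope");
    doc.appendChild(envelope);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    KeyPair kp = kpg.genKeyPair();
    // the policy only grants this test SocketPermission to accept, resolve
    // and connect to localhost so that it can dereference 2nd reference
    URI policyURI = new File(System.getProperty("test.src", "."), "policy").toURI();
    Policy.setPolicy(Policy.getInstance("JavaPolicy", new URIParameter(policyURI)));
    System.setSecurityManager(new SecurityManager());
    try {
        // generate a signature with SecurityManager enabled
        ArrayList refs = new ArrayList();
        refs.add(fac.newReference("", sha1,
            Collections.singletonList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null));
        refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
            + "/anything.txt", sha1));
        SignedInfo si = fac.newSignedInfo(withoutComments,
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
        XMLSignature sig = fac.newXMLSignature(si, null);
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
        sig.sign(dsc);
        // validate a signature with SecurityManager enabled
        DOMValidateContext dvc = new DOMValidateContext(kp.getPublic(), envelope.getFirstChild());
        // disable secure validation mode so that http reference will work
        dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
        sig = fac.unmarshalXMLSignature(dvc);
        if (!sig.validate(dvc)) {
            throw new Exception("XMLDSigWithSecMgr signature validation FAILED");
        }
    } catch (SecurityException se) {
        throw new Exception("XMLDSigWithSecMgr FAILED", se);
    } finally {
        // Close on every exit path; previously a failed validation or a
        // SecurityException propagated past close() and left ss open.
        ss.close();
    }
}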
示例11: validate
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
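/**
 * Parses {@code fn} from {@code dir}, locates the first {@code ds:Signature}
 * element and runs core validation against it.
 *
 * @param fn    file name, resolved relative to {@code dir}
 * @param ks    key selector used to find the validation key
 * @param ud    URI dereferencer installed after unmarshalling, or {@code null} for the default
 * @param cache when {@code true}, enables reference caching and afterwards checks that
 *              every cached digest input matches ({@code digestInputEqual}) and that the
 *              same-document reference (empty URI) contains no comment nodes
 * @return the core validation result
 * @throws Exception if no Signature element is found or a cache check fails
 */
boolean validate(String fn, KeySelector ks, URIDereferencer ud,
                 boolean cache) throws Exception {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setValidating(false);
    // NOTE(review): the parser is not hardened here (no secure-processing feature);
    // fine for fixtures under dir, not a pattern to copy for untrusted input.
    Document doc = dbf.newDocumentBuilder().parse(new File(dir, fn));
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new Exception("Couldn't find signature Element");
    }
    Element sigElement = (Element) nl.item(0);
    DOMValidateContext vc = new DOMValidateContext(ks, sigElement);
    vc.setBaseURI(dir.toURI().toString());
    if (cache) {
        vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    }
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
    XMLSignature signature = factory.unmarshalXMLSignature(vc);
    if (ud != null) {
        vc.setURIDereferencer(ud);
    }
    boolean coreValidity = signature.validate(vc);
    // Check reference cache
    if (cache) {
        Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
        for (int j = 0; i.hasNext(); j++) {
            Reference ref = i.next();
            if (!digestInputEqual(ref)) {
                throw new Exception("cached data for Reference[" + j + "] is not correct");
            }
            // check that dereferenced data does not contain comment nodes.
            // "".equals(...) instead of ==: identity comparison against the literal
            // depends on string interning and can silently skip this check; equals
            // also tolerates a Reference without a URI attribute (null).
            if ("".equals(ref.getURI())) {
                System.out.println("checking deref data");
                @SuppressWarnings("unchecked")
                NodeSetData<Node> data = (NodeSetData<Node>) ref.getDereferencedData();
                for (Node n : data) {
                    if (n.getNodeType() == Node.COMMENT_NODE) {
                        throw new Exception("dereferenced data for Reference[" + j
                            + "] contains comment node");
                    }
                }
            }
        }
    }
    return coreValidity;
}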
示例12: XMLDSigWithSecMgr
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
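/**
 * Signs a freshly built {@code Envelope} document and validates the result while a
 * {@code SecurityManager} is installed. The policy file is selected through the
 * {@code java.security.policy} system property ({@code policy} next to
 * {@code test.src}); the second reference points at the local server {@code ss},
 * which is why secure validation is switched off for the validation step.
 *
 * @throws Exception if setup, signing or validation fails, or if the
 *                   SecurityManager rejects an operation (wrapped as the cause)
 */
XMLDSigWithSecMgr() throws Exception {
    setup();
    Document doc = db.newDocument();
    Element envelope = doc.createElementNS("http://example.org/envelope", "Envelope");
    envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
        "xmlns", "http://example.org/envelope");
    doc.appendChild(envelope);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    KeyPair kp = kpg.genKeyPair();
    // the policy only grants this test SocketPermission to accept, resolve
    // and connect to localhost so that it can dereference 2nd reference
    System.setProperty("java.security.policy",
        System.getProperty("test.src", ".") + File.separator + "policy");
    System.setSecurityManager(new SecurityManager());
    try {
        // generate a signature with SecurityManager enabled
        ArrayList refs = new ArrayList();
        refs.add(fac.newReference("", sha1,
            Collections.singletonList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null));
        refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
            + "/anything.txt", sha1));
        SignedInfo si = fac.newSignedInfo(withoutComments,
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
        XMLSignature sig = fac.newXMLSignature(si, null);
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
        sig.sign(dsc);
        // validate a signature with SecurityManager enabled
        DOMValidateContext dvc = new DOMValidateContext(kp.getPublic(), envelope.getFirstChild());
        // disable secure validation mode so that http reference will work
        dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
        sig = fac.unmarshalXMLSignature(dvc);
        if (!sig.validate(dvc)) {
            throw new Exception("XMLDSigWithSecMgr signature validation FAILED");
        }
    } catch (SecurityException se) {
        throw new Exception("XMLDSigWithSecMgr FAILED", se);
    } finally {
        // Close on every exit path; previously a failed validation or a
        // SecurityException propagated past close() and left ss open.
        ss.close();
    }
}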
示例13: verify
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
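/**
 * Verifies every {@code ds:Signature} element in the incoming XML document and
 * maps the verified references and objects onto {@code out}.
 *
 * The Santuario DOM provider ({@code ApacheXMLDSig}) is preferred, the JDK's DOM
 * provider is the fallback. Reference caching and manifest validation are always
 * on; secure validation is enabled under both provider property names only when
 * the configuration asks for it, otherwise the provider's default is left as is.
 * Each signature is unmarshalled, optionally pre-checked by the configured
 * {@code XmlSignatureChecker}, then core-validated; a failed validation is offered
 * to {@code handleSignatureValidationFailed} and, if not accepted there, raises
 * {@code XmlSignatureInvalidException}.
 *
 * @param input the XML document to verify
 * @param out   the message that receives the verification result
 * @throws IllegalStateException        if no key selector is configured
 * @throws XmlSignatureInvalidException if a signature fails validation and the
 *                                      failure handler does not accept it
 * @throws Exception                    propagated from parsing, unmarshalling, the
 *                                      checker or the validation-failed handler
 */
@SuppressWarnings("unchecked")
protected void verify(InputStream input, final Message out) throws Exception { //NOPMD
    LOG.debug("Verification of XML signature document started");
    final Document doc = parseInput(input, out);
    XMLSignatureFactory fac;
    // Try to install the Santuario Provider - fall back to the JDK provider if this does
    // not work
    try {
        fac = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
    } catch (NoSuchProviderException ex) {
        fac = XMLSignatureFactory.getInstance("DOM");
    }
    KeySelector selector = getConfiguration().getKeySelector();
    if (selector == null) {
        throw new IllegalStateException("Wrong configuration. Key selector is missing.");
    }
    DOMValidateContext valContext = new DOMValidateContext(selector, doc);
    valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    valContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
    // equals() rather than ==: a Boolean that is not the canonical Boolean.TRUE
    // instance would otherwise silently leave secure validation off.
    if (Boolean.TRUE.equals(getConfiguration().getSecureValidation())) {
        valContext.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    }
    setUriDereferencerAndBaseUri(valContext);
    setCryptoContextProperties(valContext);
    NodeList signatureNodes = getSignatureNodes(doc);
    List<XMLObject> collectedObjects = new ArrayList<XMLObject>(3);
    List<Reference> collectedReferences = new ArrayList<Reference>(3);
    int totalCount = signatureNodes.getLength();
    for (int i = 0; i < totalCount; i++) {
        Element signatureNode = (Element) signatureNodes.item(i);
        // One context is reused; only the node under validation changes per iteration.
        valContext.setNode(signatureNode);
        final XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        if (getConfiguration().getXmlSignatureChecker() != null) {
            XmlSignatureChecker.Input checkerInput = new CheckerInputBuilder().message(out).messageBodyDocument(doc)
                .keyInfo(signature.getKeyInfo()).currentCountOfSignatures(i + 1).currentSignatureElement(signatureNode)
                .objects(signature.getObjects()).signatureValue(signature.getSignatureValue())
                .signedInfo(signature.getSignedInfo()).totalCountOfSignatures(totalCount)
                .xmlSchemaValidationExecuted(getSchemaResourceUri(out) != null).build();
            getConfiguration().getXmlSignatureChecker().checkBeforeCoreValidation(checkerInput);
        }
        boolean coreValidity;
        try {
            coreValidity = signature.validate(valContext);
        } catch (XMLSignatureException se) {
            throw getConfiguration().getValidationFailedHandler().onXMLSignatureException(se);
        }
        // Check core validation status
        boolean goon = coreValidity;
        if (!coreValidity) {
            goon = handleSignatureValidationFailed(valContext, signature);
        }
        if (goon) {
            LOG.debug("XML signature {} verified", i + 1);
        } else {
            throw new XmlSignatureInvalidException("XML signature validation failed");
        }
        collectedObjects.addAll(signature.getObjects());
        collectedReferences.addAll(signature.getSignedInfo().getReferences());
    }
    map2Message(collectedReferences, collectedObjects, out, doc);
}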
示例14: testVerifySignature
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
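/**
 * Reads the signature part of {@code /hello-world-signed.docx} straight out of the
 * ZIP stream, validates it with manifest validation on and the package-aware URI
 * dereferencer, and logs the class of each {@code ds:Object}. Only the one entry
 * named by {@code getSignatureResourceName} is examined; the loop stops after it.
 *
 * @throws Exception if the resource cannot be read or an assertion fails
 */
@Test
public void testVerifySignature() throws Exception {
    java.util.logging.Logger logger = java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
    logger.log(Level.FINE, "test");
    URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-signed.docx");
    String signatureResourceName = getSignatureResourceName(url);
    LOG.debug("signature resource name: " + signatureResourceName);
    OOXMLProvider.install();
    ZipInputStream zipInputStream = new ZipInputStream(url.openStream());
    try {
        ZipEntry zipEntry;
        while (null != (zipEntry = zipInputStream.getNextEntry())) {
            if (!signatureResourceName.equals(zipEntry.getName())) {
                continue;
            }
            Document signatureDocument = loadDocument(zipInputStream);
            LOG.debug("signature loaded");
            NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            assertEquals(1, signatureNodeList.getLength());
            Node signatureNode = signatureNodeList.item(0);
            KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
            DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode);
            domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
            OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url);
            domValidateContext.setURIDereferencer(dereferencer);
            XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
            XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
            boolean validity = xmlSignature.validate(domValidateContext);
            assertTrue(validity);
            List<?> objects = xmlSignature.getObjects();
            for (Object object : objects) {
                LOG.debug("ds:Object class type: " + object.getClass().getName());
            }
            break;
        }
    } finally {
        // The stream (and the underlying URL connection) was never closed before,
        // on neither the normal nor the failing path.
        zipInputStream.close();
    }
}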
示例15: verifySignature
import javax.xml.crypto.dsig.dom.DOMValidateContext; //导入方法依赖的package包/类
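/**
 * Core-validates the first {@code ds:Signature} below {@code element} with
 * {@code validatingKey} and, on failure, prepends a human-readable diagnosis
 * (signature-value status, per-reference status, digest mismatches) to
 * {@code OutReadableErrorMessage}.
 *
 * @param element                 DOM subtree that contains the signature
 * @param validatingKey           public key used for the signature-value check
 * @param OutReadableErrorMessage accumulator for error text; when {@code null} a
 *                                private one is used, so the caller gets no text back
 * @return {@code true} only if core validation passed; {@code false} on failure or
 *         on any exception during unmarshalling/validation (logged, not thrown)
 * @throws RuntimeException if no Signature element is present
 */
private boolean verifySignature(Element element, PublicKey validatingKey, AtomicReference<String> OutReadableErrorMessage) {
    if (OutReadableErrorMessage == null) {
        OutReadableErrorMessage = new AtomicReference<String>();
    }
    XMLSignatureFactory fac = initXMLSigFactory();
    NodeList nl = element.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new RuntimeException("Cannot find Signature element");
    }
    DOMValidateContext valContext = new DOMValidateContext(validatingKey, nl.item(0));
    try {
        valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        boolean coreValidity = signature.validate(valContext);
        // Check core validation status.
        if (!coreValidity) {
            logger.warn("Signature failed core validation");
            boolean sv = signature.getSignatureValue().validate(valContext);
            logger.debug("signature validation status: " + sv);
            prependError(OutReadableErrorMessage, "signature validation failed: " + sv + ".");
            // Check the validation status of each Reference.
            @SuppressWarnings("unchecked")
            Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
            for (int j = 0; i.hasNext(); j++) {
                Reference ref = i.next();
                boolean refValid = ref.validate(valContext);
                logger.debug(j);
                logger.debug("ref[" + j + "] validity status: " + refValid);
                if (!refValid) {
                    prependError(OutReadableErrorMessage, "signature reference " + j + " invalid. ");
                }
                logger.debug("Ref type: " + ref.getType() + ", URI: " + ref.getURI());
                for (Object xform : ref.getTransforms()) {
                    logger.debug("Transform: " + xform);
                }
                // Digests are compared as hex strings produced by digestToString.
                String calcDigValStr = digestToString(ref.getCalculatedDigestValue());
                String expectedDigValStr = digestToString(ref.getDigestValue());
                logger.warn(" Calc Digest: " + calcDigValStr);
                logger.warn("Expected Digest: " + expectedDigValStr);
                if (!calcDigValStr.equalsIgnoreCase(expectedDigValStr)) {
                    prependError(OutReadableErrorMessage, "digest mismatch for signature ref " + j + ".");
                }
            }
        } else {
            logger.info("Signature passed core validation");
        }
        return coreValidity;
    } catch (Exception e) {
        // Best-effort: any failure while unmarshalling or validating is reported
        // as an invalid signature rather than propagated.
        prependError(OutReadableErrorMessage, "signature validation failed: " + e.getMessage());
        logger.fatal(e);
        return false;
    }
}

/**
 * Prepends {@code message} to the accumulated error text. An unset accumulator
 * (value {@code null}) is treated as empty, so the text no longer ends in the
 * literal "null".
 */
private static void prependError(AtomicReference<String> accumulator, String message) {
    String existing = accumulator.get();
    accumulator.set(existing == null ? message : message + existing);
}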